Your RSA-2048 keys break in 2030. Find every one of them before attackers do.
🐹 Go

GHSA-m23h-6mwm-39m8

Kong Ingress Controller for Kubernetes (KIC): Cross-namespace TLS Secret Exfiltration in Gateways with GatewayClass missing `konghq.com/gatewayclass-unmanaged: 'true'` annotation

Also known asGO-2026-5485
Published
May 19, 2026
Updated
Jun 25, 2026
Affected
4 pkgs
Patched
2 / 4
Exploits
None indexed

Blast Radius

4 pkgs affected
🐹github.com/kong/kubernetes-ingress-controller/v3🐹github.com/kong/kubernetes-ingress-controller/v3🐹github.com/kong/kubernetes-ingress-controller/v2🐹github.com/kong/kubernetes-ingress-controller

Real-time download stats are indexed for npm and PyPI packages. This vulnerability affects Go packages — download data is not available via public APIs for these ecosystems.

Description

Summary

A vulnerability in the Kong Ingress Controller (KIC) allows for the unauthorized exfiltration of TLS certificates and private keys across Kubernetes namespace boundaries. In "managed" mode (where the GatewayClass lacks an unmanaged annotation), the Gateway TLS translator skips critical status checks. This bypass allows the translator to fetch Secrets from any namespace KIC watches, even when a ReferenceGrant explicitly denies access or is missing.

An actor with RBAC permissions to create or modify Gateways in a low-privileged namespace can reference a Secret in a high-privileged namespace, causing KIC to "leak" that Secret's sensitive private key material into the Kong dataplane configuration.

Am I affected?

You are affected if all of these hold:

  1. You are using Kong Ingress Controller with the Gateway API.
  2. Your GatewayClass is operating in managed mode (default behavior, no unmanaged annotation).
  3. KIC is configured to watch multiple namespaces (multi-tenant environment).
  4. Users have RBAC permissions to create or update gateways.gateway.networking.k8s.io in their own namespaces.

You are not affected if any of this:

  • You only use KIC for Ingress resources (not Gateway API).
  • Your GatewayClass uses the konghq.com/gateway-unmanaged annotation.
  • KIC is restricted via RBAC or configuration to only watch a single namespace.
  • You have strictly limited Gateway creation/modification permissions to trusted cluster administrators only.

Mitigation

  1. Add unmanaged gateway annotation: add the konghq.com/gateway-unmanaged annotation to your GatewayClass

Additional best practicies

  1. Restrict Gateway RBAC: Limit the ability to create or modify Gateway resources to high-trust administrative users until a patch is applied.
  2. Namespace Isolation: If possible, limit the namespaces KIC is permitted to watch using the WATCH_NAMESPACE environment variable or specific RBAC RoleBindings.

Fix

The fix mandates ReferenceGrant validation for all cross-namespace certificate references. By requiring a Programmed: True listener status, the translator now strictly authorizes external Secret access while maintaining default access for same-namespace certificates, effectively closing the exfiltration vector.

Fixed in #7920, with backports to supported release branches in #7921 and #7922.

Upgrade to one of the following patched versions (or later):

  • 3.4.14
  • 3.5.7

CVSS

CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:P = 5.6 Medium

Affected Packages

4 total 2 fixed
EcosystemPackageVulnerable rangeFix
🐹Gogithub.com/kong/kubernetes-ingress-controller/v33.5.0&&< 3.5.73.5.7
🐹Gogithub.com/kong/kubernetes-ingress-controller/v3all versions3.4.14
🐹Gogithub.com/kong/kubernetes-ingress-controller/v2all versionsNo fix
🐹Gogithub.com/kong/kubernetes-ingress-controllerall versionsNo fix

Detection & mitigation playbook

Open-source dependency
  1. Detect

    Scan your dependency tree (package-lock.json, pnpm-lock.yaml, requirements.txt, go.sum, etc.) for github.com/kong/kubernetes-ingress-controller/v3. O3's reachability analysis confirms whether the vulnerable code path is actually invoked in your application, so you act on real exposure instead of every transitive match.

  2. Fix

    Update github.com/kong/kubernetes-ingress-controller/v3 to 3.5.7 or later, then make sure no transitive (indirect) dependency still pins the vulnerable range — O3 confirms GHSA-m23h-6mwm-39m8 is resolved across your whole dependency graph.

  3. Workarounds

    If you can't upgrade right away: gate or disable the affected feature, validate untrusted input at the boundary, and avoid passing attacker-controlled data into the vulnerable path. O3's runtime protection blocks exploitation in production as an interim safeguard until the upgrade lands.

  4. How O3 protects you

    O3 pinpoints whether GHSA-m23h-6mwm-39m8 is reachable in your code and exactly where to fix it, then blocks exploitation in production at runtime until the patched version is deployed.

Tailored to GHSA-m23h-6mwm-39m8. Runtime protection reduces exposure until a permanent patch is applied and verified — it complements patching, it doesn't replace it.

Frequently Asked Questions

## Summary A vulnerability in the Kong Ingress Controller (KIC) allows for the unauthorized exfiltration of TLS certificates and private keys across Kubernetes namespace boundaries. In "managed" mode (where the `GatewayClass` lacks an unmanaged annotation), the Gateway TLS translator skips critical status checks. This bypass allows the translator to fetch Secrets from any namespace KIC watches, even when a `ReferenceGrant` explicitly denies access or is missing. An actor with RBAC permissions to create or modify Gateways in a low-privileged namespace can reference a Secret in a high-privileg
O3 Security · Impact-Aware SCA

Is GHSA-m23h-6mwm-39m8 in your dependencies?

O3 detects GHSA-m23h-6mwm-39m8 across Go dependencies and uses function-level reachability to confirm whether the vulnerable code path is actually reachable — not just present. No false positives.